Hi YoKenny,
Nice link, but that one at popwatch gives me a ghostery alert for 6 trackers, yes 6...
AddThis
QuantCast
Quigo AdSonar
Revenue Science
Tacoda
Wordpress Stats
RequestPolicy report a secret link from Wordpress.com to TimeInc.net
Just was curious enough to look under the hood of this site, and there also was this issue:
I saw this in the error console:
Error: [Exception... "'NoScript aborted redirection to
http://img2-short.timeinc.net/ew/static ... js?ver=MU' when calling method: [nsIChannelEventSink::onChannelRedirect]" nsresult: "0x8057001e (NS_ERROR_XPC_JS_THREW_STRING)" location: "<unknown>" data: no]
====================
[NoScript] Potential cross-site E4X hijacking detected and blocked (
http://www.ew.com/ew/js/main/0,,,00.js?ver=MU)
E4X currently is only fully supported by Firefox and maybe Google Chrome I assume. It enables you to use XML data within Javascript and has plenty of little quirks, google around for the details
So you can use XML data within javascript that means we can access that data cross domain but only if it’s been assigned to a variable right? Well not exactly. You see if we can control any aspect of the XML data we can then poison it with UTF-7 encoded data, this means we can access inline XML without any variable assignment, full malcode potentional lies in the foreseeable future,
polonus